Azure Active Directory

Welcome to the Azure Active Directory suggestions and feedback site! We love hearing from you. If you have suggestions, please submit an idea or vote up an idea. We are monitoring the site actively.

Thank you for joining our community and helping improve Azure AD!

Wehave a new log in experience integrated with Azure AD, and we stronglyrecommend you log in with your Azure AD (Office 365) account. If yourUserVoice account is the same email address as your Azure AD account, yourprevious activities will be automatically mapped to your Azure AD account.  You can read more here for details: https://techcommunity.microsoft.com/t5/Azure-Active-Directory-Identity/Putting-customers-first-for-f...

How can we improve Azure Active Directory?

(thinking…)

Enter your idea and we'll search to see if someone has already suggested it.

If a similar idea already exists, you can support and comment on it.

If it doesn't exist, you can post your idea so others can support it.

Enter your idea and we'll search to see if someone has already suggested it.

  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 100 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Anonymous responded

    Please provide more details. DirectAccess is an on-premises technology and as such may not fall into Azure Active Directory.

  2. AD Groups in Application Owners

    Would be great to be able to add groups to application owners in AD instead of only users. Scenario is to use on-prem AD synced with Azure to keep management of application roles/groups/etc on-prem for cloud hosted solutions.

    Thanks!

    98 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    under review  ·  12 comments  ·  Developer Experiences  ·  Flag idea as inappropriate…  ·  Admin →
  3. phone factor

    Surface/expose Azure MFA (Phone Factor) attribute data in GRAPH to facilitate API-based manipulation and mitigate some of the current limitations in RBAC within "cloud only" deployments of the Azure MFA service.

    97 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  4. Custom password complexity

    Allow the ability to set different password complexities for local accounts in a B2C tenant.

    96 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    15 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow Azure AD Sync to Prepopulate the Authentication Phone Number from an Onpremise AD Object, and prevent users from entering their own.

    Allowing a User to set their own mobile number in MFA, completely negates the purpose of the Technology, in an Azure AD Connect environment.

    For a Secure environment, The Administrator would set the Mobile Number as the source of Truth in Active Directory, and it should prevent a potential attacker, from changing the mobile number as they see fit.

    If a user, who has not registered for Azure MFA yet, credentials are compromised, then an attacker could supply their own Authentication Number, and Azure MFA becomes ineffective.

    We should have the ability to set the Authentication Number in AD, and…

    95 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →
  6. Linux compatibility for AzureAD Powershell Module

    As mentioned in https://github.com/PowerShell/PowerShell/issues/5274, the AzureAD module is not compatible with Linux.

    95 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  7. CORS for App Proxy

    There should be CORS setting available on App Proxy just like we have the CORS available for App Services.

    Making calls from Azure Apps into an Azure App Proxy App is a very common scenario, especially when on-prem applications are surfaced externally using App proxy.

    More details - http://stackoverflow.com/questions/43955808/cors-prelight-issue

    93 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Application Proxy  ·  Flag idea as inappropriate…  ·  Admin →

    We’ve hit some roadblocks in our design for this feature and will need to re-evaluate options. To help us validate the scenarios we need to address, please continue to share feedback. We will update in the next couple months once we have a better idea of our timeline and approach.

  8. Allow more customization of the myapps.microsoft.com portal.

    Would be great if I could forward a subdomain to our myapps.microsoft.com portal. Instead of giving users a the microsoft.com URL, I want to give them one.theblaze.com.

    Second, would be great if there was a newsfeed widget at the top of the portal that could show an RSS feed of company news.

    92 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    17 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →

    Thanks so much for the feedback! Customizations of the My Apps portal for both end users and admins are on our roadmap. This includes providing the ability to re-arrange and group apps and as well as using a customizable domain.

    We are also looking to see if we can enable embedding other components like widgets. We’re still in process of validating options for this.
    Please keep sharing your feedback and ideas around this!

  9. Add reporting to see how many users have or have not registered for Self Service Password Reset.

    Would be helpful so we know who to target to get them registered within our organization

    90 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    16 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  10. AADB2C: include username in JWT claims

    AADB2C supports either email addresses or usernames for accounts. If a directory uses usernames, you don't get that username as a claim in the JWT. This means an extra trip to Azure must be made to retrieve the username. Please consider including the username in the JWT.

    89 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    21 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  11. Utilize AAD Security Groups for Device "Additional Local Administrators" support

    Emulating the Intune Roles method with Assignments, Members and Scopes would be ideal. Also the ability to disable Global Admin access (limit to groups/scopes added).

    86 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Domain Join  ·  Flag idea as inappropriate…  ·  Admin →
  12. Ability to update Named Locations using PowerShell

    We have around 200 locations that use dynamic IP addresses that change frequently. We have the ability to pull the public IP addresses via REST API/PowerShell, but there is currently no way to update the Named Locations list programmatically. Without PowerShell, we are forced to manually dump the list to a CSV and upload the new file.

    We would like to have the ability to add, remove, update Named Locations and entries in the IP Ranges of a Named Location.

    85 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Conditional Access  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add hashed password migration to Azure AD B2C

    Currently, I can migrate user accounts from an existing database to Azure AD B2C. However, it only accepts unhashed passwords, which is completely useless for any modern system, which should ONLY be using hashed and salted passwords. What would actually make this feature useful is to include fields for hashed password, hash algorithm (any of several standard ones), salt and salt method (i.e., appended, prepended, etc).

    84 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  14. SSPR - Allow user unlock from the windows 10 logon screen.

    You recently implemented the password reset from the Windows 10 logon screen. However, the possibility of unlocking the user when they remembered the password was lacking.

    I remember that this functionality already exists through the MIM or Azure reset link.

    83 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  15. Allow User Account Administrator to enable MFA for users, not require global admin

    A best practice is to limit the number of global admins, yet a global admin is required to enable MFA for users. This should be allowed in the User Account Administrator role to enable MFA for users.

    81 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    5 comments  ·  Multi-factor Authentication  ·  Flag idea as inappropriate…  ·  Admin →

    We aren’t planning to add the ability to enable MFA per-user to the Account Administrator, but we do have planned a limited admin role that will be able to perform that function, along with other MFA related settings. If you’ve implemented MFA through Conditional Access policy instead of the per-user enablement, you can use the Conditional Access Policy admin to control who has to do MFA.

  16. Get 'low license count' notification

    It would be beneficial to get a notification when license count gets to x number. We are syncing our users with DirSync and apply licenses based on group membership. When users get synced and we have no licenses, I have zero idea until someone comes to me that they cannot get logged in to O365.

    79 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    10 comments  ·  Licensing  ·  Flag idea as inappropriate…  ·  Admin →
  17. Recycle Bin For Deleted Devices

    Would be great if there was a recover-msoldevice cmdlet or some way to recover a bitlocker recovery key after a device was deleted.

    79 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    13 comments  ·  PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
  18. Enable SSPR to reset Windows cached credentials

    In reference to - https://docs.microsoft.com/en-us/azure/active-directory/authentication/tutorial-sspr-windows

    Its great that SSPR can now be invoked from the login screen. This however seems like a relatively minor benefit to the average user since most have a mobile device with which they can follow the flow. I don't mean to demean the achievement since its definitely needed. However, what is a major issue (and which generates just as many support issues (and erodes IT credibility) as no SSPR at all) is the lack of SSPR for cached credentials when users are off the network/VPN. This happens to be the most common use case we…

    78 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Self-Service Password Reset  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support logout and single logout with SAML 2.0 claims provider

    Support for logout and single logout with SAML 2.0 IdP configured as claims provider on B2C.

    The logout and single logout os both requested in some customer cases and in relation to the Danish governments IdP called "NemLog-in". In relation to the Danish governments IdP it is a requirement to support logout and single logout to connect to the central federation.

    78 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  B2C  ·  Flag idea as inappropriate…  ·  Admin →
  20. Password expiry notification for Azure AD joined devices?

    It would be great if a Password Expiry notification could be implement for full Windows 10 Azure AD-joined clients in the same way as the domain joined clients receive them. A notification that pops up at bottom-right corner of the screen. At the moment I wasn't able to find any way of enabling that.
    We use Azure Directory Sync - no ADFS.

    77 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  End user experiences  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base